China’s cyber-attacks and the threat to democracy
The UK and other countries have growing concerns over Beijing’s operations that target national security
The British government has accused China of hacking the United Kingdom Electoral Commission, gaining access to information about millions of voters.
The UK and the United States have since sanctioned a company that is a front for the Chinese Ministry of State Security or MSS, Wuhan Xiaoruizhi Science and Technology, and affiliated individuals for the breach and for placing malware in critical infrastructure.
Many other countries have growing concerns over cyber operations that target national security, technological innovation, and economic interests.
Beijing has been linked to state-sponsored cyber espionage activities for some time. Targets have included foreign governments, businesses, and critical infrastructure.
While China is not inherently a threat to the UK, the two countries have a complex relationship, characterized by cooperation and competition.
Military ambitions
China has economic influence over the UK and the two compete on innovation. But China’s military ambitions, human rights record, and reputation for covert influence campaigns require careful diplomatic and strategic management.
It is not clear what precisely motivated the attack on the Electoral Commission but they are generally linked to various strategic interests. States may target foreign electoral organizations to influence election results or undermine the democratic processes.
They may seek leverage with whatever information they gather, either economically or in terms of global positioning.
These activities are not unique to China. In a deeply connected and increasingly digitized world, many states are strategically motivated to engage in subterfuge of this kind.
The US Cybersecurity and Infrastructure Security Agency or CISA has already detailed the methods deployed by MSS affiliates in their cyber espionage. They exploit vulnerabilities in software and systems, penetrating federal government networks and commercial entities.
Their approach demonstrates a deep understanding of cyber warfare and intelligence gathering, as well as a high level of expertise. It is clear that significant resources have been put at their disposal.
Central to their strategy is the active exploitation of vulnerabilities. They meticulously search for and take advantage of weaknesses across target systems and software.
By identifying these security gaps, they manage to bypass protective measures and infiltrate sensitive environments, aiming to access and extract valuable information.
In gathering intelligence, these operatives scour publicly available sources – including the media and public government reports – to accumulate critical data on their targets.
Targeted attacks
This could range from specifics about an organization’s IT infrastructure and employee details to potential security lapses. Such intelligence lays the groundwork for highly targeted and effective cyber-attacks.
Meanwhile, they scan for vulnerabilities in the system itself, uncovering essential details like open ports and the services running on them. This will include any software ripe for exploitation due to known vulnerabilities.
The operatives then leverage all this information to gain unauthorized access. They exploit system flaws to induce unexpected behaviors, allowing for the installation of malware, data theft, and system control.
The ultimate aim of these operations is the exfiltration of data, such as the names and addresses of British voters in the case of the Electoral Commission.
They illicitly copy, transfer, or retrieve data from compromised systems, targeting personal information, intellectual property, and government or commercial secrets.
It was known last year that the Electoral Commission had come under attack but the suspects have only now been named publicly.
Despite the breach, the Electoral Commission claims that the core elements of the UK’s electoral process remain secure and that there will be “no impact” on the security of elections.
This is in part because so much of the British system is paper-based. People are processed by hand when they go to a polling station on election day. They use a pencil and a paper ballot to vote, and their votes are counted by hand.
These factors make it very difficult to influence the outcome of a British election via a cyberattack, unlike in countries that use electronic voting machines or automated counting.
Electoral registers
Paper ballots and records, being tangible and physically countable, provide a verifiable trail. So even in the event of a cyber intrusion, the fundamental act of casting and counting votes remains untainted by digital vulnerabilities.
The breach nevertheless raises questions about the effectiveness of existing monitoring and logging systems for detecting data breaches.
The attack targeted not only the electoral registers but also the commission’s email and control systems. The data potentially accessed included the full names, email addresses, home addresses and phone numbers of British citizens.
Nor is the commission the only target in the British political system.
The National Cyber Security Centre or NCSC assesses with a high degree of certainty that APT31, an advanced persistent threat group affiliated with the Chinese state, has engaged in reconnaissance activities targeting UK parliamentarians.
To secure its elections from cyber threats like those from APT31, the British government is already improving the overall resilience of its elections cyberinfrastructure. It is working closely with the NCSC to identify threats and emerging trends.
These efforts are likely to include regular security audits, penetration testing and the adoption of secure software development practices to ensure that systems are robust.
But what is perhaps most significant in the case of the Electoral Commission hack is the fact that the British government has called China out so explicitly. This is a strategy decided on with allies as a way of holding perpetrators more accountable.
State actors
Publicly attributing cyber-attacks to specific state actors or groups sends a clear message that such activities are being monitored and will not go unchallenged.
This strategy of transparency and accountability is pivotal in establishing international norms and expectations for state behavior in cyberspace.
Soraya Harding is a senior lecturer in Cybersecurity Intelligence and Digital Forensics at the University of Portsmouth in England.
This article is republished from The Conversation under a Creative Commons license. Read the original article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy of China Factor.